COVID19 Threat Sharing Group

Recently I joined a COVID19 threat sharing group. It is pretty amazing watching the data analysis and community driven response to the pandemic. One of the biggest contributions the community has made is publishing an easy to access blacklist: https://blocklist.cyberthreatcoalition.org/vetted/ At the time of this writing the domain and URL categories are very fleshed out, and each …

Initial Security Onion Problems

I have been working on implementing Security Onion in a production environment. The two major problems that have given me headaches so far are storage on the sensor nodes, and internal networking. Networking Problem: Security Onion uses docker to create and manage different aspects of itself. Below is a good image of the different containers …

Threat Emulation – Tune Tune Tune

Today's compliance environment requires more and more monitoring to be put in place, which is awesome! More logs, more samples, more alerts! However, just implementing and monitoring a SIEM or other log/alerting solution is not really going to ensure you're seeing what you need to see. Instead you might want to consider a bit of …

Network Flight Simulator

I have been looking for training mechanisms lately for the team. Luckily, it looks like folks already have been trying to find the same, because this handy repository was already built. Adversary Emulation: APTSimulator - Windows Batch script that uses a set of tools and output files to make a system look as if it was …